ACSAC CWID 2007 Data Diode Case Study. toll free

Transcription

1 ACSAC CWID 2007 Data Diode Case Study toll free

2 Coalition Warrior Interoperability Demonstration (CWID) 2007 Case Studies in Data Diode Application toll free

3 Scope of Presentation Coalition Warrior Interoperability Demonstration (CWID) Case Study: CWID07 Trial 3.27, IIMS Dahlgren Naval Base (Virginia), USA Emergency Response, Command & Control One-way data transfer systems as core service Case Study: CWID07 Trial 1.56, DualDiode Shirleys Bay (Ottawa), Canada Intelligence Data Fusion, Streaming Video Case Study: Virtual Trial Enterprise Data Diode Deployment Summary 3

4 Coalition Warrior Interoperability Demonstration (CWID) what is it? Global international exercise in info sharing Government Government Military Intelligence Military Civil Emergency Response Communications technology demonstration with formal assessment 4

5 What happens during CWID Trials? Simulated natural disasters Earthquake, hurricane, disease pandemic Simulated man-made disasters War, terrorism, environmental disaster Information flows between networks 5

6 Who participates in CWID? Governments US, Canada, UK, Australia, NZ, NATO Military, Intel, Civil Protection Agencies Commercial Defense Contractors (Cross Domain Solution Providers) 6

7 CWID 2007 Dataflow through Owl Equipment 7

8 CWID 2007 Timeline Initial Planning Conference Nov, 2006 Mid Planning Conference 19 Jan 2 Feb, 2007 Final Planning Conference, Mar, 2007 Training for Role Players 4-8 Jun, 2007 Execution Jun,

9 Case Study 1 CWID 2007 Trial 3.27, IIMS, Dahlgren VA Integrated Information Management System Enhance preparedness for natural or man-made threats to homeland security. Early detection of threat or attack biological, chemical, radiological Coordinate response to emergency or attack local, state, federal organizations Sponsor: USAF, developer: US Army 9

10 Sensor array monitors atmospheric environment of metro area in real-time Major Metropolitan Area 10

11 Sensor array provides early warning of toxic event First Sensor Alert Major Metropolitan Area Toxic Explosion 11

12 Sensor array provides event status in real-time Advancing Toxic Plume Major Metropolitan Area Toxic Explosion 12

13 CWID 2007 Trial 3.27 IIMS Architecture Details Unclass Network Secret Network 13

14 CWID 2007 Trial 3.27 IIMS Architecture Details Unclass Network Secret Network 14

15 CWID Trial 3.27 IIMS, Simplified Multi-Network Architecture includes Unclassified and Secret Networks, and Cross Domain Solutions Secret Network: Surveillance, Analysis, Command, Control Sensor Data, Field Reports, Imagery, Event Detection Malware Scan DualDiode DualDiode Content Scan Declass Tool Filtered Reports, Emergency Response, Situational Awareness, Operational Guidance Unclassified Network 15

16 CWID Trial 3.27 IIMS, Simplified Optional Military Surveillance Adds to Operational Picture Secret Network: Surveillance, Analysis, Command, Control Sensor Data, Field Reports, Imagery, Event Detection Malware Scan DualDiode DualDiode Content Scan Declass Tool Filtered Reports, Emergency Response, Situational Awareness, Operational Guidance Unclassified Network 16

17 IIMS exchanges alerts with a civilian mobile Emergency Operation Center (EOC). EOC shares alerts with Federal, State, Local agencies through Open Platform Emergency Networks (OPEN). The EOC is provided by Rapid Response Institute of Monmouth University. The EOC also known as Joint Mobile Command and Training Center. 17

18 Emergency Operation Center (EOC) info processing focuses on Geospatial situational awareness. 18

19 CWID Trial 3.27 IIMS - General Description Accumulate sensor data on low security networks. One-way Transfer data from low to high security networks for analysis, event detection. military surveillance data on secure network enhances situational awareness. One-way Transfer alerts, reports, directives from secure network to civilian networks for joint response. 19

20 Data Diode as Core Service Data flow is separated into two one-way transfer paths subject to different security protocols. Data flow from Unclass to Secret (low to high) requires malware scan before transfer. Data flow from Secret to Unclass (high to low) requires human-review, content scan before transfer. 20

21 Data Diode Justification Why hardware-enforced one-way transfer? cannot be probed or hacked with software rigorous protocol break across domains From low to high, data transfer policy compliant with established data security models From high to low, data transfer always initiated (pushed) from trusted source. 21

22 DualDiode Specifics Send and Receive Owl Cards installed in host computer platforms Send Server Receive Server Create Send and Receive gateways for their respective networks. 22

23 What makes a One-Way Cross-Domain Solution Source Network Destination Network Send Server Receive Server Guard Software Source Platform Destination Platform DualDiode enforces unconditional one-way transfer policy Guard software enforces conditional forward data transfer policy 23

24 CWID Trial 3.27 IIMS, Simplified Multi-Network Architecture includes Unclassified and Secret Networks, and Cross Domain Solutions Secret Network: Surveillance, Analysis, Command, Control Sensor Data, Field Reports, Imagery, Event Detection Malware Scan DualDiode DualDiode Content Scan Declass Tool Filtered Reports, Emergency Response, Situational Awareness, Operational Guidance Unclassified Network 24

25 Low to High Upguard Cross-Domain Solution Additional guard(s) may be placed on high side, if necessary Send Server High Security Destination Network Receive Server Destination Platform Source Platform Malware Scan Guard Software Low Security Source Network Guard software on low side enforces malware-free conditional forward security policy before data transfer using Symantec Scan Engine 25

26 CWID Trial 3.27 IIMS, Simplified Multi-Network Architecture includes Unclassified and Secret Networks, and Cross Domain Solutions Secret Network: Surveillance, Analysis, Command, Control Sensor Data, Field Reports, Imagery, Event Detection Malware Scan DualDiode DualDiode Content Scan Declass Tool Filtered Reports, Emergency Response, Situational Awareness, Operational Guidance Unclassified Network 26

27 High to Low Downguard Cross-Domain Solution High Security Destination Network Source Platform Human Review Content Scan Guard Software Software-assisted human review enforces content restriction conditional forward security policy before document transfer Receive Server Send Server Destination Platform Low Security Source Network 27

28 Trial 3.27 Downguard Details: JWARN, ORMS Downguard Data Review Process Flowchart Human reviewers usmtf file JWARN Declass? Yes Detect dirty words Owl Release Management System (ORMS) No Quarantine Scan report No ORMS Approve? No Quarantine C2PC JWARN Platform Yes 28

29 Case Study 1 Summary: Upguard Data Diode file xfer - malware scan Downguard Data Diode text file xfer - dirty word content scan - multi human review 29

30 Case Study 2 CWID 2007 Trial 1.56 DualDiode, Shirleys Bay, Canada Top Secret Network Secret Network Files only Content Scan Human Review Dual Diode Isolated Network Files only Dual Diode Antivirus scan Unclass Network Streaming Video Dual Diode Data Fusion & Streaming Video 30

31 Top Secret Intelligence Network Trial 1.56 Data Fusion Demonstration Downguard Receive Server Data Source Workstation Secret Data Fusion Network Data Source Workstation Upguard Send Server Upguard Receive Server Data Fusion Workstation Unclass Public Network 31

32 Top Secret Intelligence Network Trial 1.56 Data Fusion Demonstration Downguard Receive Server Data Source Workstation Secret Data Fusion Network Data Source Workstation Upguard Send Server Upguard Receive Server Data Fusion Workstation Unclass Public Network 32

33 Owl Release Management System (ORMS) Trial 1.56 Downguard Data Review Process Flowchart Purifile scan.doc.xls.ppt Filetype check.txt file Other filetypes Disallowed Quarantine Scan report Detect dirty words Other filetypes Allowed: jpeg, pdf Reviewers Approve? No Human reviewers Yes 33

34 Trial 1.56 Downguard Features Owl Release Management System (ORMS) Features Multiple-human Review and Purifile TM Content Scanning: Deep Content Scanning of Microsoft Office Filetypes.doc,.xls,.ppt Scan results rendered in human-readable report Detects improperly embedded info content not obvious to human reviewer. Examples include: White text on white background Image or text shrunk to line or point 34

35 Top Secret Intelligence Network Trial 1.56 Data Fusion Throughput Throughput limited by Mandatory human review Secret Data Fusion Network High throughput upguard, Fully automated scanning Unclass Public Network 35

36 Trial 1.56 Streaming Video Demonstration Local Source Isolated Peer Network Video Display Destination Workstation Video Source Control Workstation Streaming Video Data Source Upguard Receive Server DVD player Unclass Network 36

37 Trial 1.56 Streaming Video Demonstration Remote Source Isolated Peer Network Video Display Destination Workstation Video Source Control Workstation Streaming Video Data Source Upguard Receive Server DVD player Unclass Network 37

38 Case Study 2 Summary: Upguard Data Diode file xfer - malware scan Downguard Data Diode document xfer - deep content scan - multi human review Peer-to-peer streaming video - multiple concurrent streams 38

39 Case Study 3 CWID Trial 1.56 includes three virtual trials that use Data Diode as an enterprise service: Geolap (Shirleys Bay, Canada) - Large GIS image files - populated GIS directory structures New Zealand - Low bandwidth TCP file transfers (no FTP) SPAWAR (US Navy, San Diego, CA) - integration with Sharepoint web services 39

40 CWID Trial 1.56 Global Reach Trial 1.56 Data Transfer Paths 40

41 CWID Trial 1.56 Virtual Players, All Top Secret Network RFTS Content Scan Human Review RFTS SPAWAR Workstations, San Diego Sharepoint Core Services, Virginia 2 Geolap destination 1 WinXP RFTS Win2003 server 2 1 RFTS 1 WinXP JIIFC Data Fusion Platform, mapped drives 2 5 NZ data source Sharepoint Server 2 Win2003 server 3 RFTS Secret Network RFTS CFMCC N6 2 SPAWAR Shared Directory 4 Geolap Source Win2003 Server 4 Antivirus Scan RFTS WinXP JIIFC Source Platform, mapped drive NZ data fusion destination Win2003 Server 7 Unclass Network SD CMOC COMMO Sharepoint Server 4 SPAWAR Shared Directory DVD player Win2003 server 8 WinXP JIIFC 9 Video Display workstation RFTS NZ data source Shirleys Bay Isolated Network New Zealand Workstations 41

42 CWID Trial 1.56 Enterprise Deployment Top Secret Network Human Review Content Scan NZ data source Secret Network CFMCC N6 Sharepoint Server Isolated Network NZ data fusion destination CMOC COMMO Sharepoint Server Malware Scan NZ data source Unclassified Network Western US Eastern US Canada NZ Low Bandwidth VPN New Zealand 42

43 Virtual Trial New Zealand Detail New Zealand Connectivity via TCP File Transfer no FTP services Top Secret Network Top Secret Network Files only Content Scan Human Review Dual Diode RFTS Receive RFTS Send RFTS Receive NZ Data Source NZ Data Destination Files only Dual Diode Antivirus scan RFTS Send RFTS Receive NZ Low Bandwidth VPN Secret Fusion Destination Network RFTS Send NZ Data Source Unclass Network Unclass Network 43

44 Virtual Trial 1.56, SPAWAR Detail SPAWAR Role Player access to DualDiode via Sharepoint Web Portal Users located in San Diego, CA Sharepoint Web Portal Windows Server Platform Folder Trial1.56 SPAWAR Shared folder Sharepoint Servers located in VA Sharepoint Web Portal Windows Server Platform Folder Trial1.56 SPAWAR Shared folder Secret Network Data Diode Servers located in Shirleys Bay, Canada SPAWAR Antivirus SPAWAR DualDiode Receive server DualDiode Send Server Unclass Network 44

45 Case Study 3 Summary: Enterprise Cross Domain Xfer Service Upguard file xfer - malware scan - TCP file xfer service (RFTS, no FTP) - Sharepoint web server GUI Downguard file xfer - content scan - multi human review 45

46 CWID 2007 Results - Proven Success! Data Diode Cross Domain Connectivity Large files and directory structures 13 parallel MPEG video streams Low bandwidth VPN operation Sharepoint integration Easy to use 100% transfer success 46

47 Summary Three CWID 2007 case studies were presented: 1. Trial 3.27 IIMS Sensors, Command, Control 2. Trial 1.56 DualDiode - Data Fusion, Video Stream 3. Enterprise Scale Data Diode Deployment Conclusions Data Diodes provide reliable real-time connectivity while maintaining high levels of network security. Data Diode capability may be scaled upward to provide Enterprise-Scale Cross Domain Solutions 47

48 owlcti.com Thank You! Any Questions?

49 Special Notes on Cross Domain Solutions Unified Cross Domain Management Office (UCDMO) sets Cross-Domain security policies across DNI, DoD New data sharing paradigms based on Risk Management rather than data confidentiality UCDMO maintains a baseline list of approved Cross Domain Solutions The UCDMO baseline list includes TSABI-OWT, a Data Diode Cross Domain Solution 49

50 TSABI-OWT Product Graphic Owl Dual Diode Source Data GOTS Software GOTS Software Destination Data Network Boundary 50

51 Cross-Domain Upguard File Transfer Solution Source Network Destination Network Owl RFTS Client Owl RFTS Server Quarantine Owl RFTS Client Owl RFTS Server Source directory Scan directory Owl DFTS Owl DFTS Receive directory Destination directory User Source Antivirus scan User Destination Send Server Receive Server Antivirus scan is an example of a conditional forward data transfer policy in series with unconditional one-way transfer policy 51

52 Additional Security Requirements Satisfied by adding Security Appliances Secret Destination Network Intrusion Detection Appliance Antivirus software Owl DFTS Owl DFTS Send Server Receive Server Firewall Appliance DMZ Unclass Source Network 52

53 toll free

54 DualDiode Technology Send Only & Receive Only NIC pair, 155 Mbps 54

55 DualDiode System Installation Send and Receive Owl Cards installed in host computer platforms Send Server Receive Server Create Send and Receive gateways for their respective networks. 55